A powerful bankers’ association has failed in its attempt to censor a student thesis after complaining that it revealed a loophole in bank card security.

The UK Cards Association, which represents major UK banks and building societies, asked Cambridge University to remove the thesis from its website, but the request was met with a blunt refusal…

The thesis by computer security student Omar Choudary, entitled “The smart card detective: a handheld EMV interceptor”, described a flaw in the chip-and-pin (personal identification number) security system that allows criminals to make fraudulent transactions with a stolen bank card using any pin they care to choose…

But in a reply to the UKCA, Ross Anderson, professor of security engineering at the university’s Computer Laboratory, refused to take down the thesis and said the loopholes had already been disclosed to bankers.

You seem to think we might censor a student’s thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton and of Darwin; censoring writings that offend the powerful is offensive to our deepest values,” Anderson wrote.

Right on, Professor Anderson!

  1. madtruckman says:

    …you’ll think ‘right on’ eideard when its YOUR bank card that gets compromised. But there probably isnt anything in there anyways, so ya know…

  2. Olo Baggins of Bywater says:

    #1…RTFA. They disclosed the flaw to the banks over a year ago.

  3. chuck says:

    “…censoring writings that offend the powerful is offensive to our deepest values…”

    Unless it involves censoring any papers which go against AGW dogma. Then we censor the crap out of it and tell everyone the author is crazy.

  4. deowll says:

    In any event the bankers had better get their bleep together and fix the problem before they are cleaned out. Standing around, moaning, and blaming the messenger isn’t getting the barn door closed.

  5. Skeptic says:

    The problem isn’t only card security. People in general don’t treat their credit cards with the same respect as their credit limit in cash. Card holders don’t seem to be taking enough personal responsibility for the security of their cards. How does a card get “stolen” and still be activated a month or more later?

  6. bobbo, are we Men of Science, or Devo? says:

    “Cambridge is the University of Erasmus, of Newton and of Darwin; censoring writings that offend the powerful is offensive to our deepest values,” /// Name dropping all over the place. Kinda did take my breath away—just a bit. Oxford is a trip to just walk around. Get a sunny day and you’ve got a bit of heaven.

  7. Olo Baggins of Bywater says:

    Ah, this is nothing. Just wait until Assange drops the goods on Bank of America. Got their stock? Sell it. lol

  8. Tough ****. Nobody gets riled up when some “researched” reveals security holes in computer operating systems to the public, even though consumers use a computer to access their bank accounts and purchase online items. As if this is any different. Fix the problem and stop pointing fingers at those who tell the rest of us that there’s a problem. Especially one that’s not been addressed for over a year!

  9. MikeN says:

    ‘offend the powerful’

    No, Professor, it actually threatens the powerless. The banks will do just fine. It is the consumers whose money gets stolen that are in trouble. I’d rather these details be difficult to access.

  10. Olo Baggins of Bywater says:

    Mike…So, should we have some standards or regulations to ensure the financial security of us powerless peons?

  11. aafa says:

    The computing guys here are pretty awesome – the article fails to mention Ross Anderson likes legal related stuff so is a good man to have in the Security group (has been an expert witness etc.)

  12. Heinrich Moltke says:

    This headline is poorly worded. It should read:

    “Bankers Fail to Censor Thesis…”

  13. Yankinwaoz says:

    I love how some idiots think that suppressing news of security flaws will keep it out of the hands of bad guys.

  14. madtruckman says:

    #13-I know it wont keep things out of the hands of the bad guys, but we shouldnt put flashing lights with neon signs on it saying ‘HERE TAKE THIS!!’. just because you can, doesnt mean you should…

  15. Breetai says:

    Typical shoot the messenger bullshit. You’d think that banks would be figuring out ways secure the data instead of ways to cover it up.

    This is a great example of why bankers are not worth what they’re paid, pure incompetence.

  16. msbpodcast says:

    Get the NRA involved.

    “Banning information is like banning guns.

    Do that and only criminals
    will have guns/information.”

    Now how about we go and hold a public execution/exposure of the bankers who are siting on the money they borrow from the Fed instead of making loans.

    How about we go and hold the event with guns/information trained on the CEOs of companies who are sitting on billions in cash instead of hiring.

  17. Alfred Persson says:

    What a load of crap…if a progressive Soros front wanted it pulled, they would in a heart beat.

    Its the evil bankers…

    Its time we defund such “higher education” and see if it survives on its own.

  18. Lou says:

    I like this Anderson guy.

  19. Named says:

    17 Alfred E Newman,

    “Its time we defund such “higher education” and see if it survives on its own.”

    Ahhh… Spoken like a true moran.


Bad Behavior has blocked 13762 access attempts in the last 7 days.